---
title: "Account Management"
description: "REST endpoints for user account management"
---

## Get User Profile

Retrieve the current user's profile information.

### Endpoint

<CodeGroup>
```bash Production
GET https://api.mentra.glass/api/account/me
```

```bash Development
GET https://devapi.mentra.glass/api/account/me
```

```bash Local
GET http://localhost:8002/api/account/me
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Response

Success (200):
```json
{
  "id": "user-uuid",
  "email": "user@example.com",
  "name": "John Doe",
  "profile": {
    "displayName": "JohnD",
    "phoneNumber": "+1234567890"
  },
  "createdAt": "2024-01-01T00:00:00Z"
}
```

Error (401/404/500):
```json
{
  "error": "Unauthorized" // or "User not found", "Failed to fetch user data"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:153-194`
- **Middleware**: `validateCoreToken`
- **Source**: Supabase `auth.users` table

## Update User Profile

Update the current user's profile information.

### Endpoint

<CodeGroup>
```bash Production
PUT https://api.mentra.glass/api/account/profile
```

```bash Development
PUT https://devapi.mentra.glass/api/account/profile
```

```bash Local
PUT http://localhost:8002/api/account/profile
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Request Body

```json
{
  "name": "John Doe",
  "displayName": "JohnD",
  "phoneNumber": "+1234567890",
  "additionalField": "value"
}
```

### Response

Success (200):
```json
{
  "id": "user-uuid",
  "email": "user@example.com",
  "name": "John Doe",
  "profile": {
    "displayName": "JohnD",
    "phoneNumber": "+1234567890",
    "additionalField": "value"
  }
}
```

Error (401/404/500):
```json
{
  "error": "Unauthorized" // or "User not found", "Failed to update user profile"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:200-283`
- **Service**: Updates Supabase user metadata

## Delete Account

Immediately delete the user account and all associated data.

<Warning>
This action is irreversible and will permanently delete all user data including photos, settings, and app installations.
</Warning>

### Endpoint

<CodeGroup>
```bash Production
POST https://api.mentra.glass/api/account/request-deletion
```

```bash Development
POST https://devapi.mentra.glass/api/account/request-deletion
```

```bash Local
POST http://localhost:8002/api/account/request-deletion
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Request Body

```json
{
  "reason": "User requested deletion" // optional
}
```

### Response

Success (200):
```json
{
  "success": true,
  "message": "Account deleted successfully"
}
```

Error (401/404/500):
```json
{
  "error": "Unauthorized" // or "User not found", "Failed to delete user account"
}
```

### Data Cleanup

The deletion process includes:
1. Terminating all active sessions
2. Deleting gallery photos and files
3. Removing user document from MongoDB
4. Cleaning up organization memberships
5. Deleting user from Supabase auth

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:292-345`
- **Cleanup Function**: `performCompleteUserDataCleanup()` at lines 49-121

## Request Data Export

Request an export of all user data in JSON or CSV format.

### Endpoint

<CodeGroup>
```bash Production
POST https://api.mentra.glass/api/account/request-export
```

```bash Development
POST https://devapi.mentra.glass/api/account/request-export
```

```bash Local
POST http://localhost:8002/api/account/request-export
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Request Body

```json
{
  "format": "json" // or "csv", defaults to "json"
}
```

### Response

Success (200):
```json
{
  "id": "export_abc123...",
  "status": "pending",
  "message": "Export request submitted successfully. The export is being processed."
}
```

Error (401/404/500):
```json
{
  "error": "Unauthorized" // or "User not found", "Internal server error"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:354-440`
- **Storage**: Temporary file storage with 24-hour retention
- **Cleanup**: Automatic cleanup of old exports

## Get Export Status

Check the status of a data export request.

### Endpoint

<CodeGroup>
```bash Production
GET https://api.mentra.glass/api/account/export-status?id=<exportId>
```

```bash Development
GET https://devapi.mentra.glass/api/account/export-status?id=<exportId>
```

```bash Local
GET http://localhost:8002/api/account/export-status?id=<exportId>
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Query Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| `id` | string | Export request ID (required) |

### Response

Success (200):
```json
{
  "id": "export_abc123...",
  "status": "completed", // or "pending", "processing", "failed"
  "format": "json",
  "createdAt": "2024-01-01T00:00:00Z",
  "completedAt": "2024-01-01T00:05:00Z",
  "downloadUrl": "/api/account/download-export/export_abc123..." // only if completed
}
```

Error (400/401/403/404):
```json
{
  "error": "Export ID is required" // or "Unauthorized", "Not authorized to access this export", "Export request not found"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:507-554`

## Download Export

Download a completed data export.

### Endpoint

<CodeGroup>
```bash Production
GET https://api.mentra.glass/api/account/download-export/:id
```

```bash Development
GET https://devapi.mentra.glass/api/account/download-export/:id
```

```bash Local
GET http://localhost:8002/api/account/download-export/:id
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| `id` | string | Export request ID (in URL) |

### Response

Success (200):
- File download with appropriate content type:
  - `application/json` for JSON exports
  - `text/csv` for CSV exports
- Content-Disposition header for file download

Error (400/401/403/404):
```json
{
  "error": "Export is not ready for download" // or "Unauthorized", "Not authorized to access this export", "Export not found", "Export file not found"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:560-616`
- **Note**: Streams file directly to response
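
The ownership and readiness checks behind the 401, 403, 400 and 404 responses documented for export download, sketched as an added example (not the project's own code). The record fields, the `decideDownload` name and the order of the checks are assumptions; the error strings and content types are the ones listed above.

```typescript
// Added example with hypothetical names; not the project's account.routes.ts.
type ExportStatus = "pending" | "processing" | "completed" | "failed";

interface ExportRecord {
  ownerId: string;            // assumed field: user the export was created for
  status: ExportStatus;
  format: "json" | "csv";
  fileExists: boolean;        // false once the 24-hour cleanup removed the file
}

interface Decision {
  status: number;             // HTTP status to send
  error?: string;             // documented error message when denied
  contentType?: string;       // set only when the download may proceed
}

// callerId must come from the validated core token, never from the URL or body.
function decideDownload(
  store: Record<string, ExportRecord>,
  callerId: string | null,
  exportId: string,
): Decision {
  if (!callerId) return { status: 401, error: "Unauthorized" };
  // Own-property lookup so IDs such as "constructor" cannot hit the prototype.
  const record = Object.prototype.hasOwnProperty.call(store, exportId)
    ? store[exportId]
    : undefined;
  if (!record) return { status: 404, error: "Export not found" };
  // Ownership check: knowing or guessing an export ID must not be enough.
  if (record.ownerId !== callerId) {
    return { status: 403, error: "Not authorized to access this export" };
  }
  if (record.status !== "completed") {
    return { status: 400, error: "Export is not ready for download" };
  }
  if (!record.fileExists) return { status: 404, error: "Export file not found" };
  const contentType = record.format === "csv" ? "text/csv" : "application/json";
  return { status: 200, contentType };
}

// Constructed sample records.
const sampleExports: Record<string, ExportRecord> = {
  export_a1: { ownerId: "user-1", status: "completed", format: "json", fileExists: true },
  export_b2: { ownerId: "user-2", status: "processing", format: "csv", fileExists: false },
  export_c3: { ownerId: "user-1", status: "completed", format: "csv", fileExists: false },
};
```

The same owner comparison applies to the export-status endpoint, which documents the same 403 message.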

## Get Privacy Settings

Retrieve the current user's privacy settings.

### Endpoint

<CodeGroup>
```bash Production
GET https://api.mentra.glass/api/account/privacy
```

```bash Development
GET https://devapi.mentra.glass/api/account/privacy
```

```bash Local
GET http://localhost:8002/api/account/privacy
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Response

Success (200):
```json
{
  "shareUsageData": true,
  "receiveNotifications": true,
  "allowDataCollection": true
}
```

Error (401/404/500):
```json
{
  "error": "Unauthorized" // or "User not found", "Failed to fetch user data"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:622-679`
- **Note**: Returns default settings if not set

## Update Privacy Settings

Update the current user's privacy settings.

### Endpoint

<CodeGroup>
```bash Production
PUT https://api.mentra.glass/api/account/privacy
```

```bash Development
PUT https://devapi.mentra.glass/api/account/privacy
```

```bash Local
PUT http://localhost:8002/api/account/privacy
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Request Body

```json
{
  "shareUsageData": false,
  "receiveNotifications": true,
  "allowDataCollection": false
}
```

### Response

Success (200):
```json
{
  "shareUsageData": false,
  "receiveNotifications": true,
  "allowDataCollection": false
}
```

Error (401/404/500):
```json
{
  "error": "Unauthorized" // or "User not found", "Failed to update privacy settings"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:685-754`
- **Service**: Updates Supabase user metadata

## Get OAuth App Details

Get app details for OAuth authentication flow.

### Endpoint

<CodeGroup>
```bash Production
GET https://api.mentra.glass/api/account/oauth/app/:packageName
```

```bash Development
GET https://devapi.mentra.glass/api/account/oauth/app/:packageName
```

```bash Local
GET http://localhost:8002/api/account/oauth/app/:packageName
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Parameters

| Parameter | Type | Description |
|-----------|------|-------------|
| `packageName` | string | App package name (in URL) |

### Response

Success (200):
```json
{
  "success": true,
  "app": {
    "name": "Example App",
    "packageName": "com.example.app",
    "webviewURL": "https://app.example.com/oauth",
    "description": "An example app",
    "icon": "https://cdn.example.com/icon.png"
  }
}
```

Error (400/401/404):
```json
{
  "error": "Package name is required" // or "Unauthorized", "App not found", "App does not support web authentication"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:762-818`
- **Validation**: Checks if app has webviewURL configured

## Generate OAuth Token

Generate a signed JWT for app OAuth authentication.

### Endpoint

<CodeGroup>
```bash Production
POST https://api.mentra.glass/api/account/oauth/token
```

```bash Development
POST https://devapi.mentra.glass/api/account/oauth/token
```

```bash Local
POST http://localhost:8002/api/account/oauth/token
```
</CodeGroup>

### Headers

```
Authorization: Bearer <coreToken>
```

### Request Body

```json
{
  "packageName": "com.example.app"
}
```

### Response

Success (200):
```json
{
  "success": true,
  "token": "eyJhbGciOiJSUzI1NiIs...",
  "expiresIn": "10m"
}
```

Error (400/401/500):
```json
{
  "error": "Package name is required" // or "Unauthorized", "Failed to generate authentication token"
}
```

### Implementation

- **File**: `packages/cloud/src/routes/account.routes.ts:826-872`
- **Service**: Uses `tokenService.issueUserToken()`
- **Expiry**: 10 minutes

## Error Codes

| Code | Description |
|------|-------------|
| 400 | Bad request - missing required parameters |
| 401 | Unauthorized - invalid token |
| 403 | Forbidden - not authorized to access resource |
| 404 | Resource not found |
| 500 | Internal server error |

## Notes

- Account deletion is immediate without email verification since the mobile app has a 3-step confirmation process
- Export files are automatically deleted after 24 hours
- All endpoints require valid core token authentication
- Privacy settings are stored in Supabase user metadata
- OAuth tokens are signed JWTs with 10-minute expiration